AffixIOAFFIXIO
Contact Us

Energy and utilities field

Energy sector eligibility verification

Energy operators need defensible yes or no decisions at sites, substations, and contractor boundaries. AffixIO returns signed allow or deny without standing up another identity copy in every OT vendor system.

SITE ACCESSCONTRACTOROT EDGEML-DSA-65MERKLEZERO PII

At a glance

Product
Signed eligibility for energy site and operational gates
Scope
Generation, transmission, distribution, contractor clearance
Signatures
ML-DSA-65 post-quantum
Retention
Zero PII at verifier by default

Energy sector eligibility verification decides whether a person, contractor, or device may enter a site or perform an operation, then records that decision as a signed outcome auditors can check.

The challenge

Why energy access copies identity everywhere

Contractor badges, OT vendor directories, and site systems each keep partial identity stores. Breach surface and audit gaps grow with every integration.

Vendor sprawl

Each OT and PACS vendor stores contractor attributes separately.

Offline sites

Remote assets cannot depend on live directory lookups.

Audit pressure

Incident reviews need proof of who was cleared when.

Replay risk

Static QR and badge copies pass naive readers.

Use cases

Energy verification scenarios

Apply at physical and logical boundaries where eligibility must be proven without exporting HR records.

Substation entry

Time-bound contractor clearance with spent-proof.

site QR

Control room gates

Role predicates without directory dump at the door.

ABAC

Field device service

Technician eligibility at the asset edge.

edge SDK

Outage response

Emergency clearance credentials with short TTL.

JIT

Proof pipeline

How verification works

  1. 01

    Issue

    Policy authority defines a Noir circuit for the rule set. Witness inputs come from systems that already own the records.

  2. 02

    Bind

    Proof is bound to event context: programme ID, expiry, geography, and anti-replay nonce. ML-DSA-65 signature applied at issue.

  3. 03

    Present

    User, agent, or device presents the credential via API call or secure QR at the service boundary.

  4. 04

    Verify

    Verifier receives allow or deny plus Merkle reference. No personal data retained at the verifier by default.

Stack

Technical foundation

ML-DSA-65Post-quantum signatures
NoirZero-knowledge circuits
MerkleAudit anchoring
RESTOpenAPI 1.4.2
SDK@affix-io/sdk
QROffline spent-proof

Proof generation can run on infrastructure you control. See technical architecture and circuit catalogue.

FAQ

Frequently asked questions

Does AffixIO replace PACS?

No. It supplies signed eligibility at the verification boundary your PACS or gate can call.

Can verification work offline?

QR spent-proof patterns support intermittent connectivity.

Is OT data stored?

Verifier retention is allow or deny plus proof metadata by default.

Get started

Validate energy sector eligibility verification on the live sandbox, then scope a pilot with engineering.